Merge pull request #279 from DouweM/patch-1

mveytsman · web-flow · commit c4507e7c8a31 · 2017-02-22T16:57:03.000-05:00
ActionView and ActiveRecord 4.2.8 are patched for these vulnerabilities
diff --git a/gems/actionview/CVE-2016-6316.yml b/gems/actionview/CVE-2016-6316.yml
@@ -51,5 +51,6 @@ unaffected_versions:
 
 # "~> 3.2.22.3" is found in gems/actionpack/CVE-2016-6316.yml
 patched_versions:
-  - ~> 4.2.7.1
+  - "~> 4.2.7.1"
+  - "~> 4.2.8"
   - ">= 5.0.0.1"
diff --git a/gems/activerecord/CVE-2016-6317.yml b/gems/activerecord/CVE-2016-6317.yml
@@ -70,4 +70,4 @@ unaffected_versions:
   - ">= 5.0.0"
 
 patched_versions:
-  - ~> 4.2.7.1
+  - ">= 4.2.7.1"
